by tptacek
4724 days ago
This is a great post, in which the lead security person at Etsy built a system to determine which HTTPS/TLS CAs actually got used in traffic from their office to the Internet. Less than 29% of the CAs their browser trusted actually saw any use! This sounds like something to be outraged about but is actually constructive good news: if more people repeat the experiment, someone could invest some engineering time into building a tool that would prune out CAs from browser trust stores. Every CA removed from your browser is one less attack vector.